Google Workspace Enterprise Authentication Tied to One User

Last Updated: Sep 10, 2025

Overview

When an employee whose credentials were used to set up a Google Workspace Enterprise connection is removed, all authentication stops, and the connection ceases to allow log-ins until another person with administrative permissions on the Google Workspace re-grants Auth0's permissions via the URL in the Setup Tab of the SSO setup.

How are the permissions between the Google Workspace Enterprise connection configuration tied to Google Workspaces? Is there a way to set up the Google Workspace connection so it's not tied specifically to the administrator who granted the permissions?

Applies To

Google Workspace

Cause

If any Extended Attributes are checked for the connection, these extended attributes require calling the Google Directory API with an Admin's access token, not the client's.

If the admin that sets up the connection is deleted, these tokens will be rejected by Google as they are no longer associated with a valid account.

Solution

The new Google Workspace admin needs to use the Continue link found on the Setup Tab for the relevant Google Workspace Enterprise connection to reauthorize the application for API access.